itman

As far as the SMB log entries shown, that is controlled by Eset Network Protection -> IDS -> Advanced options -> Packet Inspection -> Deny SMB sessions without extended security setting. Per Eset online help: The setting controlling ICMP Hidden Channel detection is also located under Packet Inspection settings and is named "Covert data in ICMP protocol detection." The thing that is odd is the majority of the source IP address are coming from 10.8.x.x addresses. That IP address range is associated with NAC RADB TESTING; ref.: http://www.irr.net/docs/faq.html and appears to be associated with the testing of peer-to-peer Internet routing connections. If you are using a VPN, I would ask them why these connections are showing up on your router. Additional ref. here: https://www.apnic.net/about-apnic/whois_search/about/what-is-in-whois/irr/

One possibility here is the router has a problem with DHCP in regards to establishing an IPv6 address lease for your PC. Your ISP appears to keep pinging the router with different IPv6 addresses to verify connectivity. Do a hard reset on your router and then reboot your PC and see if that eliminates the Eset firewall blocked ICMPv6 activity.

What .pdf reader are you using? Eset works fine with Adobe Reader's browser add-on in IE11 for example.

You can also use the Eset offline installation method to install NOD32 as noted here: https://support.eset.com/kb2885/?pmv=print&locale=hu_HU&viewlocale=en_US . Note: you want to download ver. 12.0.31 which is the most current ver..

Refer to this for possible solutions: https://support.eset.com/kb2955/ . Reply back if you are still having installation issues.

My best guess is NOD32 was not completely uninstalled and remnants of it still exist. As noted in the Eset Knowledgebase article on the installer, it is sometimes necessary to run it multiple times. It may also be necessary to manually uninstall any existing Eset drivers if they exist in Windows device manager : https://support.eset.com/kb2289/?locale=en_US&viewlocale=en_US

If the ransomware is indeed GrandCrab 5.1, you can download the Bitdefender decrypter here: https://www.bleepingcomputer.com/news/security/gandcrab-decrypter-available-for-v51-new-52-variant-already-out/ Also more info on how to use the tool is here: https://labs.bitdefender.com/2018/10/gandcrab-ransomware-decryption-tool-available-for-free/ . It appears they haven't updated the site yet to show details on the suffix/s used by the 5.1 version.

If you need further inducement to apply the above SMBv1 mentioned patch, here's another one attacking Italian concerns: https://blog.trendmicro.com/trendlabs-security-intelligence/monero-miner-malware-uses-radmin-mimikatz-to-infect-propagate-via-vulnerability/

Do you have issues with other software updating? How about Win Updates - do they download and install within a reasonable amount of time?

What I am wondering is if for some strange reason on this device, Eset has gotten stuck in a never ending update loop. Perhaps caused by updates running at default scheduled times but prior updates still in progress; or Eset detects they are but in reality are not? What might be worth a shot is to temporarily disable all updating as shown in the Eset Knowledgebase article: https://support.eset.com/kb2767/ . Reboot the device. Then verify if the product updating activity has stopped. If the product updating activity has ceased, then reenable the previous disabled settings and verify that Eset is now updating as scheduled and without issue. If after reboot the product updating activity is still active, let the device run for a while to complete any current activity in process. Once that stops, then reenable the previous disabled settings and verify that Eset is now updating as scheduled and without issue.

Or, just post a screen shot with the Eset alert shown. Do you use Chrome as your browser?

Again as previously explained, its a scam e-mail. Everything stated in the e-mail is untrue. Sometimes a bit of deductive logic goes a long way in these situations. If the e-mail author had all the capability he states, your PC would already have had all its files encrypted and you would be greeted with the typical ransomware desktop screen at boot time. BTW - you should not be opening e-mails from unknown/untrusted sources unless you previously verified that the sender was legitimate.

FYI - MSRT is downloaded and run with each Win Update monthly cumulative update as noted in the link reference posted below. Therefore, there is no need to download it separately. It is also of dubious effectiveness: https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx As far as Microsoft Safety Scanner which is a bootable media installation, you can create a more effective like solution using the Eset "SysRescue Live" option available in the Eset GUI Tools section. Bottom line - Eset provides you with all the system security you need.

Correct. But you should verify this using Win Security Center. The below screen shot is for Win 10 1809: Correct. Although really not needed, running most non-realtime security software for a second opinion should cause no issues. For example, you could configure Windows Defender to perform "Periodic scanning." The only issue in this regard and possibly with other like security software is system resource usage. In the case of Windows Defender, it will load its engine at boot time which consumes quite a bit of memory although the engine is only used for its once a day periodic scanning.

Doubt the installation of Eset has anything to do with this browser error. The error is usually an access permissions issue associated with a directory/file on the server you are connected to. Additional causes are here: https://www.lifewire.com/403-forbidden-error-explained-2617989 . I would contact the vendor associated with survey as to possible causes and remedies.